More than half (55%) of cyberattacks experienced by retailers are against apps or mobile, according to a new NTT report, which comes at a time where online growth is setting new records.
In the November Global Threat Intelligence Centre Monthly Threat Report, NTT outlines a snapshot of the threats posed to retailers, including hostile malware activity from WannaCry, Ursnif, and Emotet.
Speaking to Retailbiz, NTT Australia director of cybersecurity, John Karabin says the trend of online consumer behaviour which started in the dot com era, accelerated after the launch of the smartphone and propelled by the current pandemic, has forced businesses to compete to deliver their customer experience in a digital wild west.
“As the ecommerce boom continues, so too do the cybersecurity threats to retailers,” he said.
“The targeting of malware continues to pay dividends for cybercriminals. Specific to retailers, this month’s report identified hostile malware activity from WannaCry, Ursnif, and Emotet. WannaCry, for example, is a worm that is now three years old, however, remains one of the most detected pieces of malware on the internet. This tells us that old vulnerabilities are remaining active targets and adversaries are leveraging artificial intelligence and machine learning and investing in the automation of attacks.
“We’ve seen this especially in recent months with adversaries taking advantage of the current COVID-19 pandemic by repurposing their toolset, deploying new infrastructure, and developing innovative campaigns to proactively target vulnerable organisations.”
According to Karabin, there are a few simple ways retailers can help mitigate threats. The first is to ensure all employees receive regular security training with emphasis on phishing attacks. Second to training is to update antivirus programs and implement strong password policies and ensure accounts use multi-factor authentication.
Black Friday and Cyber Monday see an influx of customers and with more people comes a heightened risk with cybercriminals, Avanade Australia senior director for cyber security, Guillaume Noé told Retailbiz.
“It is important to be aware of the potential threats at this time of the year, and to be prepared, vigilant and ready to respond effectively,” he said.
“Retailers may attract the undue attention of nefarious groups, more than at any other time of the year. They can be held to ransom with Denial of Service (DoS) and ransomware attacks crippling their business operations and denying them revenue. They can also be the subject of more sophisticated attacks putting their customers’ data and the reputation of their business at risk. Without due protection and preparation, retailers can be left with few options to deal with the aftermath of an attack, just ahead of one of the most critical transaction windows of the year.
“It’s a good time for retailers to review their cyber security risk defences and make any necessary improvements. This is particularly advisable for any businesses that haven’t had a security assessment in the last 12 months. In the event of a cyber-attack, it is essential for businesses to act swiftly and seek guidance from a cyber security specialist.”